Be on the lookout: Tax phishing scams are back

There are two new scams making the rounds this year you need to watch out for.

Scam #1: Review your W-2
In this scam, criminals send an official-looking email to try and trick you into reviewing “your” W-2 tax form. The BBB says subject line for this phishing attempt may be something like: “Document Received (scanned_1040_W2.pdf).”

The email message asks you to verify the information listed on the W-2 by clicking a link to a “secure” file shared using a reputable file sharing service. Rather than taking you to your W-2, the link could download malware on to your computer, or take you to a fake site designed to steal your information.

Scam #2: Payroll needs a copy of your W-2
Here, scammers do some homework and find out the names of company executives or the head of the payroll department. Armed with that information and using a technique called business email spoofing, they pose as that person over email.

The IRS says the email may start innocently enough by asking, “Hi, are you working today?” but eventually the fraudster asks you to send a copy of your current W-2. With the information, the criminals can file a tax return (keeping any and all refunds), request a wire transfer, and/or sell the your data on the Dark Web.

What you can do
The BBB and the IRS recommend these steps to steer clear of these scams:

1. Don’t click email links! Clicking on them could infect your computer with malware or take you to a fake third-party site designed to steal your information.

2. Hover over links. If the email has a link, hover your mouse over it to reveal its true destination. If something seems fishy (or phishy, as the case may be), don’t risk clicking on it.

3. Don’t open unsolicited emails. If you haven’t asked to be contacted, or don’t know who sent the email, put it straight in the recycle bin.

4. Be very, very careful about sharing personal information. Even if the email looks real, it might not be. And, don’t share your bank account, credit card, or social security data to anyone you don’t know personally.